Administering Oracle REST Data Services (ORDS)

When a database deployment is created on Oracle Database Cloud Service, Oracle REST Data Services (formerly known as Oracle APEX Listener) is started.

Note:

This section does not apply to database deployments that use Oracle Real Application Clusters. Such deployments do not include Oracle REST Data Services.

Adding a Signed SSL Certificate to Oracle REST Data Services

You can add a signed SSL certificate to the ORDS environment on a Database Cloud Service database deployment running ORDS 3.0.5 or later.

Deployments created after early October 2016 (version 16.4.1) already have the necessary version of ORDS installed. To check your version of ORDS, connect to the deployment’s compute node and enter this command:

$ java -jar /u01/app/oracle/product/ords/ords.war version

If you need to upgrade your version of ORDS, see Updating the Cloud Tooling by Using the dbaascli Utility.

Before You Begin

To add a signed SSL certificate, you must have the following:

  • The SSL certificate file from the certificate provider. This is a .crt file.

  • The private key file you gave to the certificate provider as part of your Certificate Signing Request (CSR). This is a .der or .pem file.

Procedure

  1. Copy the certificate and private key files to the database deployment’s compute node.

    Copy these files as the oracle user to the following locations:

    • Certificate file: /u01/app/oracle/product/ords/certificate.crt

    • Private key file: /u01/app/oracle/product/ords/privkey.der or /u01/app/oracle/product/ords/privkey.pem, depending on format.

    For instructions on copying files to the compute node, see Copying Files to or from a Database Cloud Service Database Deployment.

  2. Connect as the oracle user to the compute node.

    For detailed instructions, see Connecting to a Compute Node Through Secure Shell (SSH).

  3. If your key file is in .pem format, convert it to .der format:

    $ cd /u01/app/oracle/product/ords
    $ /usr/bin/openssl pkcs8 -topk8 -inform PEM -outform DER -in privkey.pem -out privkey.der -nocrypt
    $ rm -f privkey.pem
  4. Edit the standalone.properties file of your ORDS environment, adding these lines if missing:

    ssl.cert=/u01/app/oracle/product/ords/certificate.crt
    ssl.cert.key=/u01/app/oracle/product/ords/privkey.der

    This file is located at /u01/app/oracle/product/ords/conf/ords/standalone/standalone.properties.

  5. Set the permissions on the certificate and private key files:

    $ chown oracle:oinstall /u01/app/oracle/product/ords/certificate.crt
    $ chown oracle:oinstall /u01/app/oracle/product/ords/privkey.der
    $ chmod 400 /u01/app/oracle/product/ords/certificate.crt
    $ chmod 400 /u01/app/oracle/product/ords/privkey.der
  6. Restart ORDS:

    $ /etc/init.d/ords restart
  7. Close your connection to the compute node:

    $ exit

Stopping Oracle REST Data Services

  1. Connect as the opc user to the compute node.

    See Connecting to a Compute Node Through Secure Shell (SSH).

  2. Start a root-user command shell:

    $ sudo -s
    #
  3. Stop ORDS:

    # /u01/app/oracle/product/ords/ords stop
    INFO: Stopping Oracle REST Data Services...
    INFO: Oracle REST Data Services stopped
  4. Exit the root-user command shell and close your connection to the compute node:

    # exit
    $ exit

Starting Oracle REST Data Services

  1. Connect as the opc user to the compute node.

    See Connecting to a Compute Node Through Secure Shell (SSH).

  2. Start a root-user command shell:

    $ sudo -s
    #
  3. Start ORDS:

    # /u01/app/oracle/product/ords/ords start
    INFO: Starting Oracle REST Data Services...
    INFO: Oracle REST Data Services started with PID pid
  4. Exit the root-user command shell and close your connection to the compute node:

    # exit
    $ exit